A longtime reader sent me a really good question today. If I had a USB flash drive and I didn’t know where it’s been or what it’s done, how would I clean it to make it safe to use? He said using Linux was fair game, so that made the answer a lot easier.
I’d use something running Linux to clean it because the chances of it containing Linux malware are lower than the chances of it containing anything else. And if you boot off a Linux live CD, there’s nothing for the drive to infect anyway–the environment goes away as soon as you power down.
Then mount the drive. How you do this will vary, but here’s how in Ubuntu derivatives.
Now, wipe the boot record. The line below assumes the USB drive is mounted as /dev/sdb, but verify it first!
dd if=/dev/zero of=/dev/sdb bs=512 count=1
This wipes out the boot record and the partition table. If the USB drive happened to be harboring a boot-sector virus, it will meet its end at the hand of that command.
Next, create a new partition. Use the command cfdisk to make it easy with a menu-driven program. You’ll probably just want to create a single partition.
Finally, format the new partition. Here’s an example–verify the partition and modify the command appropriately.
mkdosfs -F 32 -n “usbdisk” /dev/sdb1
After that, you can shut down the machine, unplug the USB device, plug it in to a Windows computer, and use it with no risk.
This procedure doesn’t sanitize the device to Department of Defense standards–not by a long shot. It overwrites the data to the point where you won’t accidentally infect yourself, but any data destroyed in this manner can be recovered relatively easily, though not with native Windows tools.
Wiping the data securely isn’t the goal here–and it would reduce the lifespan of the drive with little to gain. What these four relatively easy steps will do is make the drive safe to use again.